oss-sec mailing list archives

CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher

From: Brian Demers <bdemers () apache org>
Date: Tue, 11 Oct 2022 22:52:33 -0400

Description:

Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in
Shiro when forwarding or including via RequestDispatcher.

Credit:

Apache Shiro would like to thank Y4tacker for reporting this issue

Current thread:

CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher Brian Demers (Oct 12)
- Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher Alan Coopersmith (Oct 12)
  - Re: CVE-2022-40664: Apache Shiro: Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher Brian Demers (Oct 12)